cc2c8bead42e807334275c9b4c42c8f462a1053e4f7e7480119600e377860cfe

Sharing

Copy URL

Twitter E-mail

General

Target

eb3b28c3e78c852f9ac378afc5483e94_JaffaCakes118
Size

1.4MB
Sample

240919-nhyjqswapg
MD5

eb3b28c3e78c852f9ac378afc5483e94
SHA1

b9b5c6f30977511fcc7afd51fe7a948d89bd0234
SHA256

cc2c8bead42e807334275c9b4c42c8f462a1053e4f7e7480119600e377860cfe
SHA512

2fd1da28326570067c87ca6a3ecb08757067d178f0afa80a193e1efc7ac952c51dbed8fea6a5d3648c02c8466e5c616d107a5d21cc254597f3757ceaf7c5eb43
SSDEEP

24576:Ld/uPB7Xe2xqgkJsr8vT5kvggkKK6Fbvvuyoo2wgNkdZpjFzhm:gB7OGNwsIvTMHkKt3uto2NkdZpRVm

Score

7^/10

Malware Config

Targets

- Target
  
  eb3b28c3e78c852f9ac378afc5483e94_JaffaCakes118
- Size
  
  1.4MB
- MD5
  
  eb3b28c3e78c852f9ac378afc5483e94
- SHA1
  
  b9b5c6f30977511fcc7afd51fe7a948d89bd0234
- SHA256
  
  cc2c8bead42e807334275c9b4c42c8f462a1053e4f7e7480119600e377860cfe
- SHA512
  
  2fd1da28326570067c87ca6a3ecb08757067d178f0afa80a193e1efc7ac952c51dbed8fea6a5d3648c02c8466e5c616d107a5d21cc254597f3757ceaf7c5eb43
- SSDEEP
  
  24576:Ld/uPB7Xe2xqgkJsr8vT5kvggkKK6Fbvvuyoo2wgNkdZpjFzhm:gB7OGNwsIvTMHkKt3uto2NkdZpRVm
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  d970f6e5200a676ded18b2dfb39a3352
- SHA1
  
  1d48fb37758c09f3f2a083a2869143383b68daec
- SHA256
  
  c2ae27669651fd5d3142e35d3317f46b7b3a9683b49f93ccf575628d55e8a6da
- SHA512
  
  86798df839c84e2dae4596f5b210edd18feaf8637ebe7925b7d80015ff321d324da47f129b91fb1c3229cac8d4f45de5758069a3e7cce7c9dd2d19e305131982
- SSDEEP
  
  192:s6JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxTtK72dwF7dBdcQOz:s6JaVh4I5rpPbTt+BdhO
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  10KB
- MD5
  
  bf01b2d04e8fad306ba2f364cfc4edfa
- SHA1
  
  58f42b45ca9fc1818c4498ecd8bac088d20f2b18
- SHA256
  
  d3f9c99e0c1c9acd81a1b33bc3dbd305140def90d10485c253cf1d455f0dc903
- SHA512
  
  30ca1663d659c5efac7fed3d1aaba81c47d5d5fda77f30f021124c882b858732e17f917bfd0aa3ee7b269fad86e75b1b9388d8f916e7a4e2c9961669f2c772e7
- SSDEEP
  
  192:aO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1angMO:vKAFERdlxhGRYUzqZan
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $TEMP/msearch.exe
- Size
  
  58KB
- MD5
  
  b7e8059927e84385fdf6bc7d73a072e0
- SHA1
  
  387b5bd41d1833119b7a936781f561de2bcf9ef8
- SHA256
  
  bd46c539a3bacd4f40171bc441f0baa9aea1821d539e5b94212efae69931a316
- SHA512
  
  3335e7c4e9497b4bd5f6cecd114aa62b11d8ea4fd0fcbfdc013b1af8c5872a5a77c917f7b28891fd6d0c6b789b7677060d14badf1f9794580a2a2969cb68202e
- SSDEEP
  
  1536:vUkhxvEP3fMYqM3WPVjyviqoXqtjqENd/avWX9ws3ic:MWM/fMYr3gVwi0tuC/auX9s
Score

7^/10

adware discovery persistence stealer upx
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral7 behavioral8
- Target
  
  Monkey3.exe
- Size
  
  5.3MB
- MD5
  
  ef499dc8d2d8657e8e9f8b3b3c24a03d
- SHA1
  
  a14a57d2fa10f1d7a2339d4d3729c46c23698f6e
- SHA256
  
  f12947453192591cd9764aca45a149700314dafb47eab9a0ee8a13b843122820
- SHA512
  
  7ece695f97d23fcc813efeaaa206b05cd4f3c7397a355d5fee96f330be6fcc92ee17cc8922dadfd339dbd0a9923a21323f13bb20dd1100a2aff8b19d85e3c3da
- SSDEEP
  
  98304:1rIpLOoxHTIwuWt6BO6cEJ++IrWMyjOp9510YXKMqbhbAh8r5IWd/O1WQfa:1rIpLOodTIwuWt6BO6cEJ++IrVFp63Mu
Score

1^/10
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Browser Extensions

T1176

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

UPX packed file

Adds Run key to start application

Checks installed software on the system

Installs/modifies Browser Helper Object

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10